In recent years, malicious programmers have created a variety of sophisticated attacks aimed at high-profile or high-level entities, such as governments, corporations, political organizations, defense contractors, or the like. In many cases, the goal of such an attack is to gain access to highly sensitive or confidential information, such as financial information, defense-related information, and/or intellectual property (e.g., source code), and/or to simply disrupt an entity's operations.
Many such attacks involve sending a targeted entity emails that contain an attachment that has been carefully crafted to take advantage of an as-yet-undiscovered vulnerability of a particular application (commonly known as a “zero-day” exploit). Because many security software companies attempt to combat malware by creating and deploying malware signatures (e.g., file hashes) that uniquely identify known malware, this type of targeted attack (commonly known as a “spear phishing” attack) is often difficult for traditional security software to detect and/or neutralize, since the exploits in question have yet to be publicly discovered.
In addition, while traditional security software may allow entities to block access to email attachments of a particularly dangerous file type (such as executable files), many entities are reluctant to block access to a variety of commonly used, but nonetheless exploitable, file types (such as MICROSOFT OFFICE files, ADOBE ACROBAT files, media files, video files, etc.) since these file types are frequently used as a means for exchanging information electronically. Unfortunately, malicious programmers may take advantage of this fact by deploying spear-phishing attacks that include attachments that exploit vulnerabilities within such commonly used file types.
As such, the instant disclosure identifies a need for improved systems and methods for identifying and neutralizing exploits contained within email attachments that are crafted to take advantage of specific vulnerabilities within the applications designed to handle such attachments.